Posted
by
timothyon Thursday March 04, 2010 @10:58PM
from the next-time-gadget-next-time dept.

Colonel Korn writes "Ubisoft's recent announcement that upcoming games would require a constant internet connection in order to play has been discussed at length on Slashdot ('The Awful Anti-Pirate System That Will Probably Work'). Many were of the opinion that this new, more demanding DRM would have effectiveness to match its inconvenience, at least financially justifying its use. Others assumed that it would be immediately cracked, as is usually the case, leaving the inconvenience for paying customers and resulting in a superior product for pirates. As usual, the latter group was right. Though Ubisoft won't yet admit it, Skid-Row managed to crack the new DRM less than a day after it was first released."

Engineering hours building unbreakable DRM: $1.6M
Marketing devoted to managing customer hostility to new DRM: $800K
Lost sales due to customers boycotting your product: $2M
Having some wiseass kid from Sweden break your DRM on the first day: Priceless

To be fair, DRM is always in waves. You create game 1 with how new DRM system X! It is cracked in a day. You create game 2 with an updated version of DRM system X! It is cracked in two days. You careate game 3 with an updated version of DRMX... etc.

Like a lot of things, DRM is really difficult to get right the first time. Of course the new "uncrackable" system was cracked in a day. The engineers are probably smacking their faces at some random loose end they forgot to tie up. Each next iterations w

While I find this story hilarious (if true), according to the article, the actual DRM scheme of requiring constant internet connection has not been cracked. What happened is that Ubisoft chickened out and didn't implement the scheme fully - it included a feature (to be enabled by a patch if necessary) that allowed games to be played without internet connection after all, and this is what has been hacked.

I didn't see that anywhere in TFA. The only place that mentions that is a single, anonymously left comment. Not exactly the most credible source.

I didn't get that from the article at all. What the article said is that Ubisoft said, "In the event that all servers are turned off we could patch the game to not require a server connection." That's a long way from "Ubisoft included a feature that allowed games to be played without an internet connection."

Or to use a car analogy, it's like saying that Honda includes a feature that allows their cars to be easily stolen and that by hotwiring a car, the thieves are just enabling that feature.

The thing is, "requiring a constant internet connection" isn't something that you can just tack on in an unhackable way.

You can use the various DRMed binary obfuscation tricks to slow them down; but the hackers will eventually manage to neuter the internet checking stuff, producing a tame version that always returns what the program wants to hear, or a version of the program that doesn't even care.

The only way to really force the issue is to actually move large chunks of vital game code to the server, and only provide the output of that code to the client. For instance, they could hypothetically ship the game with absolutely no AI code, and have every NPC in the game controlled by AI code on their server, just as if it were a multiplayer game. The trouble with doing that sort of thing is twofold: One is latency. There are only certain parts of a game's code that can reasonably be moved 100+milliseconds away from the user. AI would be doable, if suboptimal, because of our experience with providing adequate multiplayer FPS results. It'd be worse than doing it locally; but DRM shows a willingness to hurt paying customers, so so what? Second is cost: the more code you move to your server, the more computational capacity you need to maintain for the supported lifespan of the game. The more data you need to transfer back and forth, the higher your bandwidth bills, and the more customers with marginal connections you lose out on.

The problem is, if the internet presence check is purely artificial, hackers will strip it out, just as they stripped out CD presence checks and offline serial key verification checks. If the internet component is vital, the hackers won't be able to simply strip the checks; because they'll be left missing whatever pieces are server side; but you run into new issues. If the vital component is static(certain textures or models or something aren't shipped; but are downloaded when needed) it'll be extracted and posted on bittorrent inside a week. If the vital component is dynamic(as in the AI example, where the client sends player location data and gets back a series of movement commands for NPCs) it cannot be usefully extracted; but you will take on substantial server load over the lifetime of the game, and whatever that dynamic component is will suffer from latency.

This is where another problem comes in. Since your servers cost money, you want to make the server-side dynamic component as computationally cheap as possible. The simpler it is, though, the easier it will be for hackers to simply write an equivalent version of whatever it is, and make that version, running locally, available in their cracked copies. Unless you can find something that is, simultaneously, computationally cheap to run, very hard to rewrite, and fairly insensitive to latency, you are screwed.

There may, in fact, at least for some games, be an aspect of the game that fulfills these criteria. In that case, anybody who wants to crack the game will, indeed, have to spend weeks or months doing real software engineering to re-implement whatever it was that you left off the disk and on your server(assuming a copy of that doesn't leak on day two, which would be embarassing) in addition to doing the basic cracking work required to defeat the artificial checks and any SSL style verification of the server the game binary is talking to.

You can use the various DRMed binary obfuscation tricks to slow them down; but the hackers will eventually manage to neuter the internet checking stuff, producing a tame version that always returns what the program wants to hear, or a version of the program that doesn't even care.

The problem with the way DRM is inserted into a game is the way DRM is inserted into a game.

DRM cannot be programmed in from the word go as this would severely hamper the development team, they'd spend as much time fighting their own DRM programming as fixing bugs and writing new code. With EA/Ubi/Take2 working their dev's like slaves with ridiculous and unmovable deadlines this is considered impossible. So DRM is tacked on after a games completion, it's developed by a third party (Thales, Sony DADC and so forth), purchased and then tacked onto the exe or other binaries. If it weren't for this fact DRM would be extremely difficult to crack as it would be rooted so deep. DRM also accounts for at least 15% of a games cost at retail as it's covered by a per unit license, A$20 with the difference between Civ IV retail and Gal Civ II retail.

So it is as you said, as long as the exe hears what it wants to hear from what sounds like the DRM it will run.

News like this makes me happy, Ubisoft spend millions on this DRM, talks it up and it gets broken on the first day. I can believe that there is some justice in the universe, Karmic retribution at work.

Another downside to shifting that dynamic content to the server side, as a result of the increased infrastructure costs in the way of hardware, labor, bandwidth, etc. is that you're not going to run the servers for nearly as long as they currently run authorisation or simple match-making services. Now I REALLY don't want to buy your product, because you're going to render it useless in a few years.

(I realize that replying to yourself is sort of narcissistic; but I didn't think of this until just now...)

It strikes me that the challenges of server-based DRM techniques are actually strongly analogous, in many respects, with the challenges of hardware dongle based DRM techniques.

With both dongle and server setups you have a client(untrusted, presumably a nest of filthy pirate scum) where most or all of your binary is running. You also have a dongle or server which is computationally constrained but strongly trusted(at least compared to the client, no trust is perfect). You finally have a channel between them, either the internet or the USB bus.

In both cases, you face the problem of the dongle/server being an artificial requirement. You can build your binary to demand it and freak out if it isn't there; but the binary lives on the untrusted client, and so that can be stripped.

In both cases you have the option of getting around this artificiality problem by omitting vital parts of the program from the client and building them into the dongle or the server. In both cases, though, you are limited by the fact that computational power on the dongle or server is far more expensive, from your perspective, than computational power on the client(server computing power is cheap, per unit; but taking on the obligation to provide it on demand 24/7 for the next five years to everybody who bought a $60 box at retail, plus paying for bandwidth, isn't cheap. As for dongles, computational power, per unit, is way more expensive from a custom embedded chip fabbed and packaged to be tamper resistant and run from bus power than it is from the latest intel core whatever.).

In both cases, there are two basic ways that hackers can get around you. Either they re-implement whatever you have moved off the client, and modify the client binary to talk to their implementation, or they illicitly obtain a copy of your implementation(dongle clone or server own/leak).

There are some differences, though: The major advantage of the server approach is Global Knowledge. If every client talks to the server, and every client has a unique serial number, it is trivial to detect and reject cloned serial numbers(less trivial to know whether you are rejecting the cloner or the customer who legitimately purchased the retail box that the cloner targeted; but DRM isn't about customer satisfaction, so who cares?) With dongles, cloning is harder; but if some shady operation on the pacific rim decides to stamp out a million copies of one of your dongles, your client binaries will all happily accept them.

The major disadvantage of the server approach is bandwidth and ongoing cost. USB2 is a 480Mb/s bus. Even in the real world, it is pretty damn fast compared to virtually any residential internet connection. The latency picture is even better. The "ping" to a USB device is virtually nothing, while client/server ping across the internet will always be nontrivial. Further, there are plenty of places(travelling, military, etc.) where an internet connection is either uneconomic or unavailable and, even when it is, tends to have lousy speed or latency or both. Hardware is much more portable, and the speed of the local bus will always be the same. Plus, with local hardware, you face no further bandwidth bills or server upkeep expenses.

A dongle, unless it’s a FPGA or custom chip actually executing game logic, does not help anything.Steinberg Cubase, an expensive program, had its entire UI encrypted, and only decrypted right before execution, by a USB dongle.Which made it slow and unresponsive. (That’s why they couldn’t encrypt the core.)Someone simply went, and managed to pipe the whole encrypted code trough the dongle.Done.

As a result, the pre-decrypted program run significantly smoother. Some people even cracked their

That would be essentially equivalent to the "If the vital component is static(certain textures or models or something aren't shipped; but are downloaded when needed) it'll be extracted and posted on bittorrent inside a week." case.

Given a mixture of gaming skill, inferential sleuthing through the game files(examining maps, quest dialog trees, and the like), and hacker tricks(find out where in memory the variable that stores your hitpoints lives and the challenge just isn't so serious...), it should be reasonably expected that a motivated attacker should be able to play through a game really fast. And, for any static information, it only has to be recorded once and then distributed through the usual illicit channels.

Plus, more seriously, if you want to distribute information to the client in little pieces, according to where the player is in the game, your client binary has to include a mechanism for summarizing the game state and sending the summary to the server so that the server knows what to send and when. Figure that mechanism out, and you can spoof the game-state summary messages to systematically request what you need. To combat that, the server could keep a running tally of what was reported, and when, by each and every client and attempt to detect impossible or inconsistent game-state progressions, which would indicate spoofing; but that, again, adds cost and complexity to the server side, and raises the odds of accidentally banning speedrunners, players who stumble across bugged quests, and whatnot.

If item spawning is dynamic, you avoid the one-time-download problem; but run into the server cost vs. ease of re-implementation issue previously discussed(server cost would likely be pretty low; but the threshold for re-implementing item spawning "good enough" for decent gameplay would likely also be pretty low).

I have to consider the option of using a VM to run windows, then doing the debug from the host system there by rendering the windows anti debug APIs moot. In using a VM or even 'rooting' your own system you can get around the systems that would normally prevent the reading of the information. Really it's all just a loss for the vender that uses DRM as there will always be a way around it so long as it has to run on a system that the user controls. Though saying that, I am starting to understand the ideas be

Exactly, what *when* they go out of business? Because on the scale of what gets done when a company is bankrupt customers are dead last. There are no more customers: the company is gone. What matters at that point is creditors and the more your owed the higher you are on the list. If there is no non-restricted version held in escrow with a lawyer who has explicit instructions to release when the company goes insolvent then FACT: Your purchase is gone.

Its not really about when they go out of business; just look at companies today. NOBODY keeps game servers up for the entire lifetime of fans using the product. Hell, they just canned ALL xbox online functionality, and I was reading about all kinds of other games shutting down their servers, as soon as nobody's buying it anymore, its not profitable, so they shut it down and move on. If you ask em now, sure, they're gonna make it look like they'll be up for the life of the company, but thats completely unrealistic.

I wish all developers would realize that in the real world you market at your CUSTOMERS. A business is concerned with profits, not vigilantism. If a game is playable single player, it should never lose the ability to be played on the proper hardware, even a hundred years later. Requiring a connection to a business owned server is ludicrous.

Seems to me like the correct solution (from their perspective) ought to be to release a game with tons of DRM, sell it for awhile, then disable the DRM once it's no longer profitable. This is, of course, if they intend to stay in business and wish to avoid alienating customers from future purchases.

Seems to me like the correct solution (from their perspective) ought to be to release a game with tons of DRM, sell it for awhile, then disable the DRM once it's no longer profitable. This is, of course, if they intend to stay in business and wish to avoid alienating customers from future purchases.

Been done at least once that I know of. UT2004 (IIRC) shipped with a DRM scheme that required a CD to be detected in the drive. Within a month, they patched this functionality out. Essentially, they reasoned they'd look good to the customers by doing this, and any good the DRM did in delayed cracked copies from finding their way onto the net was over and done with - even if the DRM worked on the launch day (which is a big if), you can bet in a month it'd be long cracked.

No they did not. They said such a patch could be made. It does not currently exists and the question they don't answer is. If Ubisoft lose all their money, and go bankrupt, who is going to pay the developer for making the code to remove the drm.

I prefer to support gog.com, since they release games DRM-free. I can download the games I buy as many times from as many machines as I want and keep playing them for life. Voting with my wallet, even.

But in that case they didn't need such massive DRM. They could have made a regular CD check or whatever. It would still be cracked in a day and it would still require pirates to download the crack, so the lazy (as you said) users would still have to buy the game.

You guys are assuming that because a crack was made available in less than 24hrs that this somehow means that Ubisoft isn't going to make much money on the game. I'm sure the devs expected it to be cracked, maybe even quickly - but they'll still make good money from these games. Users are lazy... many aren't willing to troll warez sites to find the crack... many don't even know how.... sure, they'll lose money from people who crack the game instead of buying it, but they'll still make a lot more from those that dont know how, or don't bother.

They already lost my money. I was halfway interested in AC2. Didn't buy it because of the DRM. Didn't pirate it. I have no intention of doing either.

This is a case where voting with your wallet is the way to go. If they see dropping sales figures as compared to the first game that aren't matched by rising piracy figures, then that tells them that some people out there have ethical reasons not to pirate, and are opposed enough to intrusive DRM crap not to purchase. A pirate doesn't interest them, but a lost customer does.

The really sad thing about this DRM being cracked is as much a win to the consumer as to the pirate. The pirate gets a game that functions under more circumstances than the consumer, which I imagine will lead to more consumers being pissed off at Ubisoft and resulting to pirate a game they've already paid for just so they can fucking play it without having a connection to the internet 24/7.

Actually no, because *I* will no longer buy Assassin's Creed 2 and people I know will not buy it either because of the DRM. I do not wish to dick around with cracking tools just so I can play a game.

But I'm certain Ubisoft would say they didn't want my money in the first place:)

And yes, the first game (Assassin's Creed 1) was good but was very laggy every time Ubisoft's servers crapped out. The solution was to unplug the ethernet cable to get a game you paid for playable!! So, no Ubisoft crap for me anymore.

I propose that, by shipping games with DRM, software vendors are promoting the dissemination of malware. This means that DRM is a direct contributor to spam, botnets, and all the other nasties that infest our Internet.

Speaking of "socially irresponsible," DRM doesn't expire with a copyright, meaning that once a protected work falls into the public domain, people won't be able to use the work according to their rights under copyright law. Unless someone can point me to a clause in the DMCA that allows the circumvention of public domain works, that is. But people shouldn't have to crack public domain works to exercise their rights, whether it's legal to do so or not. (Plus, with anti-circumvention tools blanket-banned by the DMCA... well, I guess it doesn't matter whether it's legal, does it?)

Unless someone can point me to a clause in the DMCA that allows the circumvention of public domain works, that is.

The DMCA would only apply to access control mechanisms that protect an underlying copyrighted work. There is case law on this; simply cracking an access control mechanism is not enough to run afoul of the DMCA, there has to be something copyrighted that is being protected by it (e.g. not just a short number for example). (However, cracking and access control mechanism to a copyrighted work without infringing the work will run afoul of the DMCA, so the law is still idiotic).

In this case if the work's copyright had expired, there would be no valid copyright in question, so the DMCA would not apply. But your point about the ban on distribution of tools in interesting... since in this hypothetical situation, a circumvention tool would probably contain material that could crack access controls on both copyrighted and copyright-expired works.

Copyright is life of the author + 70 OR 95 years from publication OR 120 years from creation (in the United States). Life+70 is only used in some cases (non-anonymous, non-pseudonymous, non-work-for-hire) -- most works are under the flat 95 years from publication (or 120 years from creation for anything not published). But other countries have different laws -- Canada is life+50 instead of life+70, for example.

What the GP was referring to, however, was how essentially nothing becomes public domain these days, due to *constant* lobbying by large corporations to extend and restrict copyright, patents, and trademarks (major extensions in the USA happening in 1976 and 1998 -- life+50/70 in 1976 and life+70/95 in 1998, both of these commonly believed to have been passed specifically as a result of Disney lobbying to 'protect' Mickey Mouse). That and the complexities of copyright law and revisions to those laws that make it nearly impossible to tell if a work is covered by copyright or not unless it was published prior to 1923 (which means it's definitely not).

Once past 1923 (but before 1976), it depends on if a work was ever registered and renewed or not -- and by god, there are massive disputes over many works from this period (were they registered, who renewed them, were they renewed, who had the rights to renew them at the time, etc...). If published, registered, and renewed, it's 95 years from publication for any works between 1923 and 1976. If not published (but registered and renewed -- I don't think many, if any, works fit this), it would be 120 years. Once you hit 1976, it depends on if the work is covered under the life+70 or the flat 95. If the work has a non-anonymous, non-psuedonoymous author, and was not a work-for-hire, then you have to find out the date of death for the original author and add 70 years. If the work was anonymous, pseudonymous, or a work-for-hire, then the flat 95 applies. Unless that work was unpublished, in which case it's 120 years instead (and don't ask me what the barrier for 'publication' is, I have no idea). I also have no idea which does/doesn't apply if there are multiple authors or anything else vaguely unusual about a work's authorship.

Anyway, this applies for works in the USA. International copyright probably gets even more nasty with the varied treaties/extradition/etc. Basic rule of thumb, currently, is that the USA has the longest copyright and anything before 1923 is therefore safe. Anything after that, you'd need to do a lot of research on who does/doesn't hold the rights. Or take a gamble that no one will care/notice -- but that's probably not smart.

The expiration of copyright has never guaranteed you access or rights to the use of primary sources.

That's true, but nobody said anything about primary sources.

The thing is: if I own a book, when the copyright expires I can legally copy the book and distribute the copies as I wish. Things have been this way for a very long time.

Now, since the DMCA, I can't legally make copies of whatever is protected by DRM even when the copyright expires. Even if I'm technically able to break the encryption, the DMCA states it's illegal to circumvent any copy protection.

in jest (that humor itself is priceless), I certainly could not agree more. The reality of DRM is that the whole concept is flawed, by the logic alone. In that you have to give the user everything they need to run the app, or listen/watch to the media, so what is there to prevent someone skilled with IDA Pro from making it work for their own purposes after the DRM manages to sufficiently piss them off? So, you there you sit, you have the key, you have the data/code/bi

Normally I actually pay for my games. In most cases, I do it the old school way - I buy physical discs from physical stores. Lately though, companies like Ubisoft seem like they're treating me like a criminal for giving them my money. At this point, they're really making it more convenient for me to prove them right.

the effort required to "track down" a copy is far far less then the effort to earn the money to buy the game, so there will always be people who will go for the torrented copy no matter what.

business also can't ever be expected to make games so cheap they can compete with free.

i don't however think DRM that phones home constantly and causes problems with your PC even after playing should be an acceptable answer. I think the answer lies not in DRM, but in content being provided post sale which can only be

from a typical business mind set i can totally see why software houses do DRM. the problem is that the supply and demand models that our businesses run on don't actually apply all that well to digital media. there is an infinate supply, and demand can change in a single day, based on a one news article.

instead of focusing on selling goods, they should suck it up and realise they are selling a service and model themselfs around the hospitality industry where customer satisfaction is king.

Imagine a person, in a casino, sitting at a slot machine. They're pumping coin into it and steadi;y losing everything. They know that they should walk away, but they can't. Walking away means admitting to themself and others that they lost. And so they keeping telling themself that if they keep playing long enough, they will win back enough to at least break even.

The same is true of Ubisoft, Microsoft and all the other companies who keep pumping money into the DRM slot machine. Year after year they keep coming up with new DRM schemes to replace all the previous ones that have failed (ie, all of them). They can't stop. To stop would be an admisison of failure. An admission that even if they created uncrackable DRM, the extra sales revenue wouldn't even come close to covering the cost of creating and maintainging new DRM schemes.

The thing is, they _know_ that they can create an uncrackable DRM which would help stop piracy: a physical USB dongle and an RSA token. The problem is that doesn't help stop resale, because the physical USB dongle and RSA token can be resold to a new person with the software. So they don't do it, because it's not about piracy.

1. Ubisoft creates a reasonably simple (read cheap) traditional DRM;
2. Ubisoft promises to donate five thousand dollars to cancer research for each day the game goes without being cracked, for a year.

I'm a big fan of Silent Hunter. But I won't buy or play the new one until they release it sans DRM. It's really funny; watching the videos from Subsim, you constantly see messages about "no internet" and then, a few seconds later, "internet reconnected". That sure helps you to remain immersed in a faithful WW2 sub sim. After all, Adolph would have won if not for his shitty broadband connection.

I'm a fan of Silent Hunter as well. And I work for Ubisoft, so I can get it for really cheap from the company store. However, they would have to pay ME to play that shit. As a result, I'll be downloading it via bittorrent, just like the rest of you. Kudos to the clever hacker.

We get paid a salary. But we also get some residuals based upon the sales of our game. In this case, Silent Hunter and any other PC exclusive Ubisoft game are going to sell like shit for the next little while until this madness is stopped. The execs don't care, because they get to tell the shareholders that they are doing everything in their power to stop the evil pirates. So the execs get to keep their jobs and make tonnes of money. Everyone's happy, unless they are the developer, the consumer, or (ironically) the shareholder.

So, yes. Pirating the game does take a few coins from the pockets of the developers of this game. But it's but a small fraction of the sales anyway, so it really doesn't matter. The point is that if the piracy rate actually INCREASES, then the execs might actually have to answer for this nonsense at some point. They'll no doubt spin it to look like angels, but I'm sure that if the piracy rate is really high, then this might end at some point.

While you have a point, consider that if you pay for it you make them think their DRM is acceptable. As a compromise, I suggest buying it, pirating it, and writing an angry letter explaining the situation. It'll be ignored of course, but it would make me feel better.

Well if that happens then they blame the pirates for lost sales, which is the current way game companies deal with poor sales.

Piracy rates are can be tracked. They'll know, to within a moderately narrow margin of error, how many copies were pirated, and they'll know exactly how many were sold. Both numbers will have been estimated prior to launch by the bean counters.

If the game fails to reach its sales quota, but is pirated more extensively than anticipated, what that tells them is that even more extreme anti-piracy measures are needed. The difference between sales figures and sales projections will be treated as "lost sales", with the blame placed on the rising piracy figures.

If the game tanks, and the piracy rates are no higher than expected, that sends a different message. It tells them that the piracy rates aren't to blame for the "lost sales" - customer boycotts are.

The only way to kill DRM in the long run is to convince the people making the decisions that it's costing them more money than it's worth. Don't buy or pirate Ubisoft's crap. Don't give them money or mindshare. Write them off as a loss, and buy games from publishers who don't treat their paying customers this way. Either they'll learn to do better, or the publishers who don't saddle their games with this crap will out-compete the ones who do in the long haul.

If you buy it, you are supporting UbiSoft. You are supporting their game development team, which may be good, but also the boneheads who selected this DRM technology. They will only be reporting on sales to their managers, and if they can spin a story that their decisions, including the DRM, resulted in higher sales, they'll get a pat on the back and a "jolly good, carry on."

So if they release a game with nasty DRM and sales tank, they blame the sales on "piracy" and justify that as an excuse to toughen up the DRM.

If they release a game with nasty DRM and sales soar, or even remain steadyish, they assume that the DRM magically converted pirated copies into actual sales, and toughen up the DRM in the hopes that this trend continues.

I think we've reached a point where pirates are not just a fringe group of people who just don't want to pay for games, but are actually the competition. They are releasing a similar product to yours(in fact, it is your product) only it's better.

I love how everyone bashes DRM without thinking of the consequences of not using any. Pirating is far too widespread. For every person who pirates a game, less games are made for the PC for this very reason. Pirates blame the developers for using DRM, the quality of the game is reduced for actual customers, yet the pirates are the one to blame.
Stop trying to spin the argument, pirates. You're the very reason that this shit happens.

I'm feeding the troll, but... prove that a downloaded copy is a lost sale and I'll concede your point.

(you might also consider the hypothesis that DRM exists not to stop piracy, which it doesn't, but to lock customers to specific devices and/or to get them to re-buy the same content over and over, which it does.)

Not EVERY download is a lost sale but prove to me that there isnt a significant group that would buy it otherwise but get it for free?

That group exists. Nobody can prove that it is or is not significant.

People need to be honest why they download stuff. Many say 'oh I want to try it before I buy it' LIAR. I know my reasons. I wanted to play free games.
People say 'they wouldnt buy it anyway'. LIAR. I know my reasons. I wanted to play free games.
People say 'I cant get the game anymore'. LIAR. You can get a

I love how everyone bashes DRM without thinking of the consequences of not using any.

The consequences? The consequences are we go back to the 1980's-90's software culture, and I'd actually pay money for a computer game again. Sure, there might be annoying wheel-spinners or license keys, but the companies might be able to afford cloth maps again, or wishbringer stones, or paper manuals with associated fluff. As things stand now, I play my old games, and only buy occasional used ones for my Wii and Xbox. The kids who copy computer games from their friends when they have $0 grow up to be adults who buy games when they have $$$$, unless those games don't work. I stopped buying PC games right after Mechwarrior4, because the DRM on that piece of crap wouldn't work in any of the 3 CDROM drives I owned, and MS's tech support said: "go buy another drive; hope it works" I gave it to a friend. Back then I still believed it was anti-piracy copy protection. Now I know it was the beginning of the PC software industry's war on end-users (not customers; their customers are the middle-men like COMPUSA who get stuck with gamebox overstock and sell it at a loss until they go out of business).

Management: Let's put this DRM to guarantee that the game isn't pirated.Developers: Great! Let's do it!Crackers: Let's crack the DRM.Pirates: Let's wait for the crack....a day later...Crackers: Done!Pirates: Great!Customer: This stupid game doesn't work on my computer. Maybe my friend can help me make it work...Friend: Oh that's because of the DRM, just go to site x and download the cracked copy.Customer: Thanks! Oh, there are more games there and they all are available for free, nice!

The bottom line is that pirates still get the game for free whether it has DRM or not. The only difference is that putting the DRM in costs the company some money.

Your argument would be valid if the DRM worked. It doesn't, so, for the pirates, it's the same, just the paying customers are inconvenienced.

Before they were self publishing, their publisher required them to have DRM in the store release, but the lead Dev patched it out in an official patch a few months later.

Now they self-publish and host Gamersgate, which beyond the download check, the game itself is completely copyable without any DRM whatsover.

Does that mean people pirate their games? Yes, they do, but players like myself have basically spent hundreds of dollars on their games because:

1. They have no DRM2. The developers are active with speaking directly with users on the forums3. They have open beta patches with registered users to test bug fixes with the gaming community rather than throwing stuff out there.

Right, because Ubisoft et al. have no responsibility whatsoever for their actions. They are being forced to include draconian DRM with their games! They have absolutely no other options... not even, you know, innovating and changing their business model to suit the changing world... or, you know, giving a crap about their customers...

Do you honestly think that companies would invest money to create DRM if piracy had not become so widespread?

Media executive: Hmm... if we put technical restrictions on our content that stops people from using these newfound copying powers that the Internet and personal computers have given them, we can make them buy the same content over and over each time we issue a new format. We can also make them buy a new copy of each bit of media that they want to put on a separate device (iPod, second computer, bac

The only thing that I'm surprised about is that companies remain so obstinately stupid in trying to implement Digital Rights Restrictions.

Anyone who has ever been involved in software development knows that even when it comes to relatively simple systems, all it takes is one minor SNAFU, one little bug, for the whole thing to be laid bare before skilled hackers. And it doesn't even have to be a problem with your code; it can be in anything from firmware to the operating system to libraries you've linked to to the compiler you used. Add to this the fact that Digital Rights Restriction systems are hardly anything but relatively simple; they typically encompass very complex encryption, heavy duty mathematics, picky dependencies on very specialized hardware and/or software and/or connectivity requirements, etc.

Also, how many people did it take to write your Digital Rights Restrictions system, and how smart were they? Let me tell you, it's not like there's just one guy holed up in a basement somewhere working on cracking the Digital Rights Restrictions of a popular game. There are thousands, maybe tens of thousands. And they all want that reputation boost (or sometimes even financial gain) of being The One Who Cracked [insert game title here]. Oh, and maybe your people are smart, but these people are frickin' brilliant.

Yet still, these companies are under the delusion that after decades of abject failure after abject failure by companies much bigger and more motivated than they are to stop software theft, they're going to be the ones that come up with the magic bullet, that special recipe that will keep their software locked. So sure of it, in fact, that they're continually willing to invest a lot of time, money, and effort into their futile pursuit. The reality of the situation is that all it takes is one. One hacker, one flaw, and every cent you poured into your Digital Rights Restrictions system is *poof!* gone.

I'd like them to hire me to create the Digital Rights Restrictions system they use for their next game. I'll charge them a few thousand dollars and put a text file on the root of the installation media that says, "It would really mean a lot to us if you would not copy this game illegally, so please don't. Thanks!" Now, I know you're probably thinking, "But Skippus, people would be able to copy the game from day one!" My contention is that I've saved them tens to hundreds of thousands of dollars and my Digital Rights Restrictions system lasted just one day less than the one they would have otherwise spent so much money on.

The other way to make companies realize that the DRM system doesn't work is to write them a letter to the effect of:

I would have bought your game, but its DRM system made it a pain to play. Naturally, I could buy the game and get the crack after a day or a week, but then you would not have learned your lesson. Therefore, I abstain from buying (and playing) your game.

Even better, write the stock holders about how the company they've invested their hard money on is blowing it on stupid schemes that don't work. Seriously, the companies won't listen, they'll just blame any revenue decrease to piracy and blow money on even more elaborate drm.
Also drm isn't really about copy protection so much as stopping re-sale and forced eol so you eventually have to buy 'Wonder game XVIIIIVIIX, the quest for more cash' with new improved names

Or to give a more simple reason why DRM doesn't generally work, PCs are open systems, the content has to become available to the system at some point whether it's encrypted, or sent across the network. It still has to end up on a system whose memory and executable code at run time can be peeked and poked at will.

The only real workaround is to process some game logic and such server side, but that is going to cost the company a lot in terms of processing power, a lot in terms of bandwidth, a lot in terms of

When I was a kid, the (ZX Spectrum) games were on audio tapes. Almost every kid I knew who was into games had a twin tape deck. This produced an imperfect analogue copy of the game and obvious wasn't much good for more than one or two generations.

A smaller subset had a Multiface, which was basically a hardware non-maskable interrupt generator - it would halt your machine and swap a few kilobytes of the RAM for a debugger - which just happened to have a

The interesting thing is that for crimes that are easy to do and get away with, like uploading files (I realize that's not a crime, but bear with me) and shoplifting chocolate bars is that psychology is the best defense. Shaming potential thieves by putting up a "please don't do it" sign actually works. Putting in technological defenses does nothing and also attracts the kind of people who are interested in a challenge.

You're IMHO seeing the wrong problem, or rather just one half of the problem.

While a system like this won't and didn't stop piracy, it might just achieve what other systems have failed, and that the publishers have been whining for for a decade: it might just revoke a lot of honest customers' consumer rights.

Let's face it, one of the things they _have_ before whined about, and occasionally even tried to prevent, is that you can buy a second hand copy on eBay instead of paying them for it. You know, just for

So what you're saying is that it's ok for companies to dick 99.7% of their customer base, who would never pirate the game in the first place, just to delay downloaders from getting it by a day?

I love that kind of rationale.

See, it's not about the 99.7% of people. They buy the game, whether it's easy to crack or not. To me, fucking them over isn't a good thing at all, you lose 99.7% of your revenue. Look at what happened with EA. They screwed consumers with Spore, they saw the outrage from the people who don

"Wait now, we spent how much licensing/writing this scheme to restrict digital rights for people? And it was cracked when!!?"

My line of thought would be: How much profit would we make selling a game without Digital Rights Restrictions versus how much would we make selling a game with Digital Rights Restrictions? Well, let's see, there's the obvious direct cost of licensing/creating the system that we would save. Plus, it doesn't do any good anyway, because the so-called "pirates" are going to crack the system anyway and the vast majority of people who were going to buy the game before are still going to buy the game. Also, we don't risk the PR nightmare of the Digital Rights Restrictions having a bug that could negatively affect their gameplay. Oh, and we can actually use it as a marketing point in selling the game.

Not imposing Digital Rights Restrictions is win-win proposition for both the company and the consumer. The only people who lose out are the people who write Digital Rights Restrictions systems, and as a board member of a company that now has nothing to do with them, I couldn't care less.

That's not how these people think. This is/standard/ CYA (cover-your-ass) strategy for any office.

Inquiry: "What have you done to stop all this piracy!?"

1)Response: "I initiated/contracted a DRM system."Result: Piracy, but at least it looks like you did something.

2)Response: "I don't think it'd help to spend money on DRM, it'd only reduce our sales"Result: Piracy, but now it looks like you didn't do anything!

The boss probably got to where he was by protecting himself from looking bad. DRM is an easy sell to guys like him. He needs an excuse. Otherwise he is relying on the hope that the investor will believe his story about DRM being ineffective.

It's much better to be a man of "action". Guys who do things and shake things up. That's how you get noticed. Politicians do the same thing. Nobody wants to be the guy who doesn't increase any programs and doesn't spend any money on new things. He looks useless, even if he ends up balancing the budget! So the politicians all campaign on making things happen, spending money, cutting taxes...and then they leave the problem of paying for it to whoever comes after them. And whoever comes after them does the same thing because being a man of action is still better than being the guy who did nothing at all.

Look for the comments attached to the release, it'll tell you everything you need to know.

And then install it from the cryptic readme text file? I'm talking non-geeks.

People are not retards. By their second game, they'll know what "copy cracked exe over the original one" means.

I'm talking non-geeks. People who send their PCs to the geek squad. People who've got no idea how a byte is different from a bit. You know, the other 99.7% of the user base.

Irrelevant, they'll have geek friends. Sure, I have friends I'd rather trust with a house plant than a computer, but who the fuck are you to tell them they can't play with games they've already downloaded? (Mind you, in this country, it's legit for personal use.)

They use DRM because DRM works on the majority of consumers.

No, it works on the majority of their customers. Everyone else just gets it already cracked.

If DRM causes the company to lose 10% of their base but pickup a new 11%, they don't care.

DRM won't ever get you new sales. The game will, if it's good and/or marketed enough.

In which case, why come up with these hugely elaborate schemes? If a simple check for the game media in the drive will defeat normal users, why bother wasting the time to make DRM more sophisticated than this?

Exactly the same number who would have gone with the torrent if this DRM system hadn't been used. So they haven't gained anything.
However, they will irritate customers who don't connect to the internet when playing games - for example, people who take their laptops on flights for entertainment.

No, I'm not. When you are talking about copying bit's around, the equation is not "Increasing complexity => decreasing pool of users capable of getting the hacked version". It's "Increasing complexity => decreasing pool of users capable of getting the first hacked version". Once that's done the barrier to piracy is reduced to "using a search engine" or perhaps "hanging out on the right forum". After that first hacked version is produced, all DRM schemes are equivalent.

And "the scene" is also extremely insular and elitist and the last thing they want is to actually provide anything to normal people.

So the vast majority of people will not be getting their warez from any scene, but from some dodgy second-, third- or fourth-hand supplier down the chain who might have done lord knows what to the software in the meantime.

Ubisoft claims it lacks features.For instance, the cracked version lacks the requirement for a continuous online connection.The cracked version lacks the occasional lag caused by the internet connection, nor does the cracked version have the feature where the game gets useless when Ubisoft shuts down their servers.It also lacks all other DRM available in the original game.So yeah, the pirate version is lacking features.

Not really fundamental to the discussion. It's like asking 'if a cheap consumer-grade CPU could execute NP-complete algorithms in a few seconds on any input data, would you still recommend RSA?' The DRM system that you propose is not just difficult, it is not even theoretically possible. In logic, this kind of argument is called ex falsio quodlibet, meaning that if you start with a false axiom you can derive any statement as true.

So, to answer your question, if there were a herd of unicorns grazing in